Limited Additional Mechanisms for PKIX and SMIME (lamps)

WG Name: Limited Additional Mechanisms for PKIX and SMIME
Acronym: lamps
Area: Security Area (sec)
State: Active
Charter: charter-ietf-lamps-02-00 (External review)
Status Update: last changed 2017-11-16
Personnel:
  Chairs: Russ Housley, Timothy Hollebeek
  Area Director: Eric Rescorla
Mailing list:
  Address: spasm@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/spasm
  Archive: https://mailarchive.ietf.org/arch/browse/spasm/
Jabber chat:
  Room address: xmpp:lamps@jabber.ietf.org?join
  Logs: https://jabber.ietf.org/logs/lamps/

Charter for Working Group

The PKIX and S/MIME Working Groups have been closed for some time. Some
updates have been proposed to the X.509 certificate documents produced
by the PKIX Working Group and the electronic mail security documents
produced by the S/MIME Working Group.

The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
Group is chartered to make updates where there is a known constituency
interested in real deployment and there is at least one sufficiently
well specified approach to the update so that the working group can
sensibly evaluate whether to adopt a proposal.

Having completed the S/MIME 4.0 specifications and updates to support
i18n email addresses in PKIX certificates, the LAMPS WG is now tackling
these topics:

1. Specify a discovery mechanism for CAA records to replace the one
described in RFC 6844.

2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and S/MIME.

RFC 6844 describes the mechanism by which CAA records relating to a
domain are discovered. Implementation experience has demonstrated an
ambiguity in the current processing of CNAME and DNAME records during
discovery. Subsequent discussion has suggested that a different
discovery approach would resolve limitations inherent in the current
approach.

Unlike the previous hashing standards, the SHA-3 family of functions is
the outcome of an open competition. It has a clear design rationale
and has received extensive public analysis, which gives great confidence
that the SHA-3 family of functions is secure. Also, since SHA-3 uses a
very different construction from SHA-2, the SHA-3 family of functions
offers an excellent alternative. In particular, SHAKE128/256 and
SHAKE256/512 offer security and performance benefits.

In addition, the LAMPS Working Group may investigate other updates to
the documents produced by the PKIX and S/MIME Working Groups, but the
LAMPS Working Group shall not adopt any of these potential work items
without rechartering.

Milestones

Date Milestone
Dec 2018 Hash-based signatures with the CMS sent to IESG for standards track publication
Oct 2018 The CMS with PSK sent to IESG for standards track publication
Oct 2018 Short-lived certificate conventions sent to IESG for BCP publication
Sep 2018 SHAKE128/256 and SHAKE256/512 for S/MIME sent to IESG for standards track publication
Sep 2018 SHAKE128/256 and SHAKE256/512 for PKIX sent to IESG for standards track publication
Aug 2018 Root key rollover certificate extension sent to IESG for informational publication
Jul 2018 rfc6844bis sent to IESG for standards track publication
Jun 2018 Adopt a draft for root key rollover certificate extension
Jun 2018 Adopt a draft for hash-based signatures with the CMS
Jun 2018 Adopt a draft for the CMS with PSK
Jun 2018 Adopt a draft for short-lived certificate conventions
Done Adopt an S/MIME draft for SHAKE128/256 and SHAKE256/512
Done Adopt a PKIX draft for SHAKE128/256 and SHAKE256/512
Done Adopt a draft for rfc6844bis